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IS out in the 802.11b arena, but 
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While this may be the fourth or fifth straight 
year you've heard this, it's finally the year of 
the wireless LAN. 



With the acceptance of the 802.11b standard, a number of products 
and vendors have hit the market with access point products for the 
enterprise. We tested nine wireless LAN access points: the Buffalo 
Airstation from Buffalo Technologies; the Aironet 340 from Cisco; the 
DWL-1000 AP from D-Link; the RoamAbout Access Point 2000 from 
Enterasys; the Intel Pro/Wireless 2011 Access Point from Intel; the 
Intermec 2102 Universal Access Point fronn Intermec; the Orinoco AP- 
1000 Access Point from Lucent; the Harmony 802.11 Access Point and 
Access Point Controller from Proxim; and the Spectrum 24 IIM bit/sec 
Access Point from Symbol Technologies. Breezecom accepted our 
Invitation, but could not send us the equipment for our tests in time to 
be included in the review. 
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To fit into an enterprise network, performance is essential, but it's not 
enough by itself. You also want manageability, stability and security. 
Anyone who has managed large and small U\Ns knows that what works 
in a small office, home office (SOHO) environment doesn't always scale 
well into a company. Several vendors sent us very good SOHO 
equipment that we would have severe reservations about in a larger 
environment. Also, some enterprise gear was lacking in performance. 

In the end, despite a higher price, the Cisco Aironet 340 series 
equipment delivered the best mix of performance and manageability 

and won our World Class Award. 

D-Link, while not truly delivering enterprise-class hardware, offers an 
extremely good price/performance ratio and gets an honorable 
in a SOHO environment. Proxim offers some stunning management 
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tools, but its product's performance was the lowest of any of the 
enterprise-class access offerings. Enterasys and Lucent offer good 
tools, good performance, but their range isn't on par with Cisco's. The 
Intel and all-but-identical Symbol equipment fell a bit short on 
management tools. 

How fast is it? 

We spent a lot of time benchmarking our 802.11b networks, and the 
findings are interesting. In all the tests we ran (see "How we did it," 
page 58), four nodes could saturate the network. An access point is 
comparable to a lOM bit/sec Ethernet segment, so you can use pretty 
much the same guidelines you use for lOBase-T loading to govern 
802.11b loading. 

We were surprised to find such a wide spread of data transfer rates 
between the products. Depending on the test, some network interface 
cards (NIC) were almost twice as fast as others, and some access 
points were as much as 50% faster than others (see graphic, page 52). 

Statistics showed us that lOOM bit/sec Ethernet was between 10 and 
20 times faster than the 802.11b network components, depending on 
the wireless vendor and the test we were running. One thing our 
benchmarks don't show Is what happened to the rest of the network 
while the benchmarks were running. At one point, we ran the usual 
office automation tasks during the testing on lOOM bit/sec Ethernet 
and the wireless LAN. With the lOOM bit/sec Ethernet, the tasks ran at 
an acceptable speed. 

With the 802.11b network, things crawled to a stop while the 
benchmarks were running. In short, the wired Ethernet had more 
headroom. Again, that shouldn't be a surprise. 

We were disappointed by the performance of Proxim's Harmony. 
Proxim has taken an interesting approach with Harmony, making its 
access points "dumber" and putting the intelligence Into the Harmony 
Access Point Controller. With the Intelligence In the controller, you 
automatically get a single point of control. This lets you control many 
more access points (Proxim recommends 10, although it can handle 
more), and also lets you have access points based on different 
technologies. The "dumb" access points also are less expensive than 
those of the other enterprise-class vendors. Several are cheaper, such 
as the D-Link and Buffalo, but they aren't in the same league. 

It was never clear to us why the performance of the Proxim Harmony 
lagged. The system design means that ail Harmony wireless traffic 
crosses the wired network twice, but Proxim assured us that wasn't 
usually a bottleneck, and a bit of math suggests that doubling the 
traffic of an 802.11 link is still less than 20% of the capacity of a 
100Base-T network. 

Security options 

The 802.11b standard offers several layers of security. At the lowest 
level Is the System ID, also known as the Electronic System ID, SSID 
or ESSID. This Is an Identifier code the system manager enters Into the 
setup of all the access points and NICs that will participate In the 
network. By default for all the vendors except Intel and Symbol, you 
can enter the word "any" into the NIC setup, and the PC can participate 
in any network. This makes it easy to get a wireless network running, 
but offers no security. Even if the "any" option is disabled, it isn't hard 
for someone to look up the ESSID and use it later - on a laptop in the 
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parking lot, for example. As a management issue, it is difficult to 
change the ESSIDs of all your access points and NICs quickly. As a 
result, we don't consider ESSIDs to be a valid security tool. Some of 
the NICs had drivers that let us enter several ESSIDs into their setups, 
letting them connect to any number of access points. This offers users 
greater flexibility in connecting to a wireless LAN in a hotel, conference 
center or airport. However, this increased flexibility for the user means 
that the system manager is more constrained from making changes 
because they will impact infrequent users. 

The next layer of security is the access list. The access list contains the 
media access control (MAC) address of the systems that are authorized 
to access the network through that access point. With most NICs, you 
can change MAC addresses at setup, so it is again easy for an 
employee to write down MAC addresses and then enter one of them 
into his laptop in the parking lot. A more significant management 
liability is the access list needs to be entered Into each access point 
that you are managing. Proxim offers a centralized point of 
management through Its Access Point Controller, while Cisco, Enterasys 
and Lucent offer ways to automate the updating process. But for the 
rest of the vendors tested, this remains a manual process. 

The previous security options authenticate the computer to access the 
network rather than the user. The last level of access security is the 
use of Remote Authentication Dial-In User Service (RADIUS). RADIUS 
has the advantage of authenticating the user rather than the machine. 
Based on a user identification and a password, RADIUS can be centrally 
managed. Only D-Link and Intermec don't offer RADIUS compatibility. 
Any password scheme is vulnerable to careless users, but RADIUS 
gives the administrator a central location to disable user access to the 
network, which is a major step forward over previous approaches. We 
strongly prefer a RADIUS-based solution to the other current 
alternatives. 

Once a user has access, the next level of security is encryption. Wire 
Equivalent Privacy (WEP) can use a 40- or 128-bit encryption key to 
keep people from being able to use a product such as a WildPacket's 
AiroPeek to monitor the data. WEP can be disabled. The WEP setting is 
disabled by default across all the tested products. Disabling WEP makes 
It easy to set up a network, but also means that protocol monitors can 
monitor the data on the network. We suggest that you enable WEP as 
soon as the Installation Is done. Each machine can have four WEP keys 
entered Into It, and the system manager can decide which key to use, 
and can use a separate key for transmission and reception. However, 
managing WEP keys can be a significant maintenance and management 
issue. 

Can you manage? 

Management issues can make or break your security, and overall the 
management tools of the products we tested are not where they should 
be. 

Each product offered several ways to control the access point. These 
ranged from serial cables - useful if the access point won't respond to 
other means of persuasion - to telnet, Web interfaces, FTP, SNMP and 
proprietary management consoles. The vendors that offered 
proprietary management consoles usually didn't offer a Web console. 
Enterasys told us that a Web interface couldn't have the richness of its 
proprietary console. Looking at the Cisco, Intel and Symbol Web-based 
consoles showed that a Web-based console could be very rich indeed. 
We preferred using a Web interface because it meant we didn't have to 
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install another set of vendor-specific software on our machines. System 
managers seem to reinstall more often than most, so a Web interface 
means we don't have to keep track of the vendor's CDs and reinstall 
the proprietary client again. 

Some of the units we reviewed don't support a RADIUS server, and as 
a result, they have to use ESSIDs or access lists to control access. As 
mentioned, ESSIDs aren't all that secure. Access lists are a step up, 
but there are some management issues. An access list is a table of the 
MAC addresses of NICs that are allowed to connect to the network. The 
list takes up memory in the access point, so there is a limit of how 
many nodes an access point can support. By default, Cisco supports 
2,048 nodes, but that number can be increased to as many as 64,000, 
although the unit could run out of memory if this Is done. Lucent comes 
in second with 497. After that, the numbers drop off quickly. 

Among the vendors we tested, only Cisco has access lists large enough 
to comfortably support an enterprise-sized network. Most vendors' 
access lists are too small, with most vendors claiming 256 to 512 
entries for an enterprise network that is supposed to support global 
roaming, so RADIUS support is essential for a company. 

Encryption prevents others from grabbing data, but the management 
issue in WEP is distributing and managing the WEP keys. While the 
keys are quite difficult to guess or crack, it is easy to write them down 
and enter them into the laptop. Cisco and Enterasys offer tools to 
distribute and manage WEP keys, so that they can be changed fairly 
easily. However, these are extensions of the 802.11b standard, which 
means you will need to use their NICs as well as their access points to 
take advantage of these management tools. 

As mentioned earlier, Proxim approaches management with its Access 
Point Controller. We liked the management aspects of this, but we are 
concerned that using the controller introduces yet another point of 
failure into a network. 

Hardware considerations 

Where you want to put your access point is governed by radio 
propagation, user locations and property boundaries of your company. 
Then there is the cost, as the price of running a power line can range 
from high to absurd, depending on where you want to put the access 
point. Most vendors, including Cisco, Enterasys, Proxim, Intel, and 
Symbol, offer ways to route power to the access point through an 
Ethernet cable connecting it to the network, which lets you avoid 
installing a power outlet near the access point. However, this approach 
is not yet standardized, and if you are careless a misconnection can fry 
a port in one of your hubs or switches. 

As with the NICs (see story, page 56), antennas are also a crucial 
component of your access point. The units from Buffalo, Enterasys and 
Lucent had no external antennas, which averaged 813K bit/sec on all 
our performance tests, performing worse overall than the units that 
had external antennas, from Cisco, D-Link, Intel, Intermec, Proxim and 
Symbol, which averaged 843K bit/sec on all our performance tests. 
Several vendors say an external antenna increases the signal by about 
15%. However, of greater importance is that you can position the 
external antenna so the signal can avoid obvious obstacles. Because an 
external antenna increases your range, the number of access points 
you'll need to buy to cover your area is reduced. 

Most of the access points are sealed devices. Others, such as Lucent's 
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and Enterasys', use the same NICs to communicate as are used by 
PCs. This has an obvious effect on the antenna - these products have 
internal antennas, although you can purchase an external antenna for 
them too. On the other hand, using PC Card NICs let the customer save 
a bit of money by buying less-expensive NICs if they don't need 128- 
bit WEP keys. 

This also suggests that you could upgrade the access point to higher- 
speed technologies without replacing the entire access point. Whether 
those access points can handle the proposed 22M bit/sec (802.11b 
extensions) and 54M bit/sec (802.11a) topologies remains to be seen. 

The Lucent Access Point-1000 can hold two NICs, which lets you put 
two channels into an area to increase data-handling capability without 
the cost of another access point and its installation - just another NIC 
and antenna. 

Interop, can it happen? 

On the point of interoperability, vendors try to tie you to using their 
access points and NICs. The Lucent NIC client software will show you 
the signal strength of the access point you are using, but if that access 
point isn't a Lucent device, you'll get a warning that you aren't 
connected to an access point. Most vendors offer some degree of 
reduced capability if you insist on mixing and matching different brands 
of access points and NICs. In most cases, the issues are largely 
cosmetic, but they will result in increased calls to the help desk. 

However, until the next generation of products are released, the 
system manager has a difficult decision: Use a single-vendor system, 
with all the NICs and access points coming from that vendor, or forgo 
the more advanced management tools. 

In a closed network, such as a corporate network, the answer is to go 
with a single vendor. In a more open environment, such as a college or 
university network, you may not have that luxury. You can suggest 
what the students and staff should purchase, but when it comes down 
to it, you'll likely have to support whatever the users bought. 

The Proxim product delivered the only compatibility problem we en- 
countered. None of the machines that we used could access a NetWare 
file server through Novell's RConsole, regardless of which NIC the node 
was using. This is a significant issue for a NetWare system manager, 
but it won't really matter to most users. At press time, we were still 
discussing performance and compatibility issues with Proxim, which let 
us unravel the performance issues (see story, page 56) that were 
caused by a slow PC. 

We rated the products tested on installation and documentation. For 
the most part, all products were easy to install and use, and the 
manuals were adequate to their purpose. The one exception was the 
Buffalo manual and software - its manual and on-screen instructions 
were often confusing. 

Let's get wireless? 

At the end of the test, we wouldn't suggest that 802.11b be used to 
replace an existing wired network, unless there's an overriding need to 
do so. The 802.11b standard has its places, and in those places it 
works well. Wireless is great for employees with laptops who move 
around the company, as it lets them stay in touch. It is marvelous for 
installations that have to be set up and taken down quickly, such as 
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student registration automation systems in colleges and universities or 
at a trade show seminar. The cost of installing a wireless network is 
often much less than wiring existing buildings. 

Once the next developments in wireless technology appear - 22M 
bit/sec at 2.4 GHz, and 54M bit/sec at 5.7 GHz - we will be more 
enthusiastic about running more bandwidth-Intensive applications. 

At the end of the day, the Cisco Aironet 340 Access Point earned our 
World Class Award for Its strong fit in the enterprise. 

It delivers consistently higher performance than the other products, 
has good manageability, and the price is not totally out of line. For a 
SOHO environment, we'd lean heavily toward the D-Link DWL-1000 
Access Point because it offers good performance and a gang-busters 
price. 
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RELATED LiNKS 

Avery is the founder of Gunnison Territory Network Consultants, a 
small firm specializing in network design, management and 
administration. He can be reached at mayery#mM.other^^^^^^^^ 
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Avery is also a member of the Network World 
Global Test Alliance, a cooperative of the premier 
reviewers in the network industry, each bringing 
to bear years of practical experience on every 
review. For more Test Alliance Information, including what it takes to 
become a member, go to www.nwfiJSion.com/.3lii«nc«a. 
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Imagine heading home from the office and connecting the same 
notebook to your wireless home network. 

Let's, talk ,aboutMCs 

Looking at wireless network interface cards (NIC) from nine vendors 
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was an eye opener. 

Detailed product information from nine vendors. Compare specific 
criteria or download the vendor information on an excel spreadsheet. 

Cio_ ahead,_ cyt;_t;hA;_wjres 

Companies are installing wireless LANs for portable access to the 
corporate network and providing a better means for collaborating 
with co-workers. 
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